Have an Old iPhone? You Could Be Vulnerable to Hackers

In one of the latest developments in Apple’s battle against the FBI’s demand for a backdoor into the iPhone, law enforcement agencies have suggested that a solution to the current conundrum would be to turn back the clock on the security features that Apple has built into iOS. Clearly, that’s a bad idea. Even the latest iPhones running the newest version of iOS are subject to security vulnerabilities, and claims that the security of iOS 7 was good enough in 2013 and should be good enough now ignore the reality that an old iPhone, or one running an old version of Apple’s mobile operating system, can leave you very vulnerable to hackers.

Craig Federighi, Apple’s senior vice president of software engineering, recently wrote for The Washington Post that our smartphones are more than personal devices. In a “mobile, networked world,” each of our smartphones forms “part of the security perimeter that protects your family and co-workers.” He explains, “Our nation’s vital infrastructure — such as power grids and transportation hubs — becomes more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks through access to just one person’s smartphone.”

In Apple’s estimation, the encryption technology built into the latest version of the iPhone’s operating system don’t just help prevent unauthorized access to the data on your phone, but also form a “critical line of defense” against criminals who want to implant malware or spyware, or use the device of an unsuspecting consumer to access the systems of a business, a public utility, or a government agency.

Despite their best efforts, the engineers who write the code for Apple’s operating system make mistakes, which Federighi acknowledges can each “become a point of weakness, something for attackers to exploit. Identifying and fixing those problems are critical parts of our mission to keep customers safe. Doing anything to hamper that mission would be a serious mistake.”

Federighi writes that it’s “disappointing that the FBI, Justice Department and others in law enforcement are pressing us to turn back the clock to a less-secure time and less-secure technologies.” He writes that the security of iOS 7, while it was the best that the company could offer at the time it was introduced, has since been breached by hackers. Some of their methods are now available for sale to attackers who are less technically skilled, but potentially more malicious.

What that means is that if you use an old iPhone running iOS 7, or potentially a new iPhone running an operating system with the same level of protections as iOS 7, you’ll be left vulnerable to the attacks of hackers and criminals who want to undermine your privacy or even your personal safety. “Security is an endless race — one that you can lead but never decisively win,” Federighi writes. “Yesterday’s best defenses cannot fend off the attacks of today or tomorrow.”

As Kirsty Styles points out at The Next Web, there are plenty of people who are still running iOS 7. As indicated by Apple’s latest data on adoption of different versions of iOS, measured by the App Store on February 22, 6% of iOS devices are using iOS 7 or an earlier version of the operating system. Plenty of devices — the iPhone 2G, iPhone 3G, iPhone 3GS, and iPhone 4 — can’t run iOS 8 or a newer version of iOS.

So how many people are really using a very vulnerable version of iOS? Styles notes that taking into account a world population of 7.4 billion people and smartphone penetration of about a third, that equates to 2.3 billion smartphone users. Apple’s operating system is used by almost a third of smartphone users, which means that there are around 766 million iOS users. That coincides with the iPhone sales figures that Apple revealed in March of last year, and adding a few iPads and sales since then, she arrives at the figure of 46 million people who are still running iOS 7 or an even older version.

Those 46 million people are running smartphones “without solid encryption, let alone encryption the FBI is trying to get the keys to.” While the upgrade to iOS 8 required so much space that some people simply didn’t bother upgrading, anyone who owns an iPhone 4s, iPhone 5, iPhone 5s, iPhone 6, or iPhone 6 Plus should really have upgraded to iOS 9, which brought improvements like a smarter assistant, ad-blocking capabilities, big improvements to Apple Maps, a back button, the new Apple News app, and better performance.

The moral of the story is that if you’re still using an old iPhone that can’t upgrade to the latest version of the operating system, it’s time to get a new phone. And if you’re using a phone that’s a couple years old and are still holding off on updating the operating system, it’s time to bite the bullet and download the update.